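$older_than ) && @unlink($file) ) ? true : false; } // END hesk_unlink()

/**
 * Decode a URL-encoded string, including the non-standard "%uXXXX" form.
 *
 * urldecode() does not understand "%uXXXX" (as emitted by JavaScript's
 * escape()); those sequences are rewritten to numeric HTML entities and then
 * resolved by hesk_html_entity_decode(), so the result is UTF-8 text.
 *
 * NOTE(review): the copy of this line under review had no "&#x" in the
 * replacement, which left nothing for the following entity decode to act on;
 * the prefix is restored here. Confirm against the upstream file.
 */
function hesk_utf8_urldecode($in)
{
    $in = preg_replace("/%u([0-9a-f]{3,4})/i", "&#x\\1;", urldecode($in));
    return hesk_html_entity_decode($in);
} // END hesk_utf8_urldecode

/**
 * Return the scalar value of cookie $in, or $default when the cookie is
 * missing or is an array (array-valued cookies are never returned).
 */
function hesk_COOKIE($in, $default = '')
{
    if (isset($_COOKIE[$in]) && ! is_array($_COOKIE[$in])) {
        return $_COOKIE[$in];
    }
    return $default;
} // END hesk_COOKIE();

/** Return the scalar value of query parameter $in, or $default when missing or an array. */
function hesk_GET($in, $default = '')
{
    if (isset($_GET[$in]) && ! is_array($_GET[$in])) {
        return $_GET[$in];
    }
    return $default;
} // END hesk_GET()

/** Return the scalar value of POST field $in, or $default when missing or an array. */
function hesk_POST($in, $default = '')
{
    if (isset($_POST[$in]) && ! is_array($_POST[$in])) {
        return $_POST[$in];
    }
    return $default;
} // END hesk_POST()

/**
 * Return request value $in run through hesk_input(), preferring GET over POST.
 *
 * Returns $default (false unless overridden) when the key is in neither array.
 * An array-valued parameter reaches hesk_input() as '' because hesk_GET() /
 * hesk_POST() substitute their default for arrays, so a raw array never
 * escapes this function.
 */
function hesk_REQUEST($in, $default = false)
{
    if (isset($_GET[$in])) {
        return hesk_input( hesk_GET($in) );
    }
    if (isset($_POST[$in])) {
        return hesk_input( hesk_POST($in) );
    }
    return $default;
} // END hesk_REQUEST()

/** True when key $in is present in either $_GET or $_POST (the value is not inspected). */
function hesk_isREQUEST($in)
{
    return isset($_GET[$in]) || isset($_POST[$in]);
} // END hesk_isREQUEST()

/**
 * Reverse hesk_htmlspecialchars() for the four entities ENT_COMPAT produces.
 *
 * NOTE(review): the copy under review listed the literal characters on both
 * sides of str_replace(), which makes the function a no-op; the entity names
 * are restored on the search side.
 */
function hesk_htmlspecialchars_decode($in)
{
    return str_replace(
        array('&amp;', '&lt;', '&gt;', '&quot;'),
        array('&', '<', '>', '"'),
        $in
    );
} // END hesk_htmlspecialchars_decode()

/** Decode HTML entities in $in as UTF-8 (double quotes decoded, single quotes left alone). */
function hesk_html_entity_decode($in)
{
    return html_entity_decode($in, ENT_COMPAT | ENT_XHTML, 'UTF-8');
} // END hesk_html_entity_decode()

/**
 * Escape $in for an HTML text or double-quoted attribute context (UTF-8).
 * ENT_SUBSTITUTE replaces invalid byte sequences instead of returning ''.
 */
function hesk_htmlspecialchars($in)
{
    return htmlspecialchars($in, ENT_COMPAT | ENT_SUBSTITUTE | ENT_XHTML, 'UTF-8');
} // END hesk_htmlspecialchars()

/** Like hesk_htmlspecialchars() but also converts every character that has a named entity. */
function hesk_htmlentities($in)
{
    return htmlentities($in, ENT_COMPAT | ENT_SUBSTITUTE | ENT_XHTML, 'UTF-8');
} // END hesk_htmlentities()

/**
 * Backslash-escape single quotes so $in can sit inside a single-quoted JS string.
 *
 * NOTE(review): only the quote is escaped; a backslash, a newline or a
 * "</script>" sequence in $in passes through unchanged, so this alone is not
 * sufficient for untrusted data in a script context. Behaviour is kept as-is
 * pending a look at the call sites.
 */
function hesk_slashJS($in)
{
    return str_replace( '\'', '\\\'', $in);
} // END hesk_slashJS()

/**
 * Check that the customer e-mail supplied for ticket $trackingID matches the
 * address stored on the ticket.
 *
 * @param string     $trackingID   ticket tracking ID used in the lookup query
 * @param string|int $my_email     address supplied by the caller; 0/'' means
 *                                 "read it via hesk_getCustomerEmail()"
 * @param string|int $ticket_email address already known for the ticket; 0/''
 *                                 means "look it up in the tickets table"
 * @param int        $error        1: on mismatch clear the cookie and redirect
 *                                 (does not return); 0: return false instead
 * @return bool true on match or when e-mail checking is disabled; false on
 *              mismatch when $error is 0
 */
function hesk_verifyEmailMatch($trackingID, $my_email = 0, $ticket_email = 0, $error = 1)
{
    global $hesk_settings, $hesklang, $hesk_db_link;

    /* Email required to view ticket? If not, there is nothing to verify. */
    if ( ! $hesk_settings['email_view_ticket']) {
        $hesk_settings['e_param'] = '';
        $hesk_settings['e_query'] = '';
        return true;
    }

    /* Count this call against the per-IP attempt limit; only a match clears it */
    hesk_limitBfAttempts();

    /* Get email address */
    if ($my_email) {
        $hesk_settings['e_param'] = '&e=' . rawurlencode($my_email);
        $hesk_settings['e_query'] = '&e=' . rawurlencode($my_email);
    } else {
        $my_email = hesk_getCustomerEmail();
    }

    /* Get email from ticket; an unknown ticket ends the request with a redirect */
    if ( ! $ticket_email) {
        // db_pfix is escaped here for consistency with every other query in this file
        $res = hesk_dbQuery("SELECT `email` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `trackid`='".hesk_dbEscape($trackingID)."' LIMIT 1");
        if (hesk_dbNumRows($res) == 1) {
            $ticket_email = hesk_dbResult($res);
        } else {
            hesk_process_messages($hesklang['ticket_not_found'],'ticket.php');
        }
    }

    /* Validate email (case-insensitive) */
    // NOTE(review): an empty $my_email compares equal to an empty ticket
    // address; if tickets without an e-mail can exist, callers should treat
    // that as a mismatch rather than a match.
    $my_email_lc = strtolower($my_email);

    if ($hesk_settings['multi_eml']) {
        // NOTE(review): entries are not trimmed, so "a@x, b@y" only matches
        // "a@x" — confirm the stored format before relying on the second entry
        $valid_emails = explode(',', strtolower($ticket_email));
        if ( in_array($my_email_lc, $valid_emails, true) ) {
            /* Match, clean brute force attempts and return true */
            hesk_cleanBfAttempts();
            return true;
        }
    } elseif ( strtolower($ticket_email) === $my_email_lc ) {
        /* Match, clean brute force attempts and return true */
        hesk_cleanBfAttempts();
        return true;
    }

    /* Email doesn't match: forget the remembered address and error out, or report failure */
    if ($error) {
        setcookie('hesk_myemail', '');
        hesk_process_messages($hesklang['enmdb'],'ticket.php?track='.$trackingID.'&Refresh='.rand(10000,99999));
    } else {
        return false;
    }
} // END hesk_verifyEmailMatch()

/**
 * Determine the customer's e-mail address for ticket viewing.
 *
 * Looks at the "e" request parameter first, then the "hesk_myemail" cookie,
 * and passes whatever it finds through hesk_validateEmail(). Also stores the
 * "&e=..." suffix in $hesk_settings['e_param'] and ['e_query'] so the address
 * can be carried between pages.
 *
 * @param int $can_remember when truthy, the caller's global $do_remember is set
 *                          to a checked-attribute string if the cookie was used
 * @return string the address, or '' when none was found or checking is disabled
 */
function hesk_getCustomerEmail($can_remember = 0)
{
    global $hesk_settings, $hesklang;

    /* Email required to view ticket? */
    if ( ! $hesk_settings['email_view_ticket']) {
        $hesk_settings['e_param'] = '';
        $hesk_settings['e_query'] = '';
        return '';
    }

    /* Forms that offer "remember my e-mail" read $do_remember after this call */
    if ($can_remember) {
        global $do_remember;
    }

    $my_email = '';

    if ( isset($_GET['e']) || isset($_POST['e']) ) {
        /* Email in query string or form */
        $my_email = hesk_validateEmail( hesk_REQUEST('e') ,'ERR',0);
    } elseif ( isset($_COOKIE['hesk_myemail']) ) {
        /* Email in cookie */
        $my_email = hesk_validateEmail( hesk_COOKIE('hesk_myemail'), 'ERR', 0);
        if ($can_remember && $my_email) {
            $do_remember = ' checked="checked" ';
        }
    }

    $hesk_settings['e_param'] = '&e=' . rawurlencode($my_email);
    $hesk_settings['e_query'] = '&e=' . rawurlencode($my_email);

    return $my_email;
} // END hesk_getCustomerEmail()

/**
 * Format a byte count using the largest unit (GB, MB, kB, B) at which the
 * value is exact to $precision decimals.
 *
 * @param int|float $size           byte count
 * @param int       $translate_unit 1: unit label from $hesklang; 0: literal suffix
 * @param int       $precision      decimals allowed before a unit is rejected
 * @return string|false formatted size, or false when no unit yields an exact
 *                      value (a $size of 0 is smaller than every unit and
 *                      therefore also returns false)
 */
function hesk_formatBytes($size, $translate_unit = 1, $precision = 2)
{
    global $hesklang;

    $units = array(
        'GB' => 1073741824,
        'MB' => 1048576,
        'kB' => 1024,
        'B'  => 1,
    );

    foreach ($units as $suffix => $bytes) {
        if ($bytes > $size) {
            continue;
        }

        $full  = $size / $bytes;
        $round = round($full, $precision);

        /* Only accept this unit when rounding loses nothing */
        if ($full == $round) {
            $label = $translate_unit ? $hesklang[$suffix] : $suffix;
            return $round . ' ' . $label;
        }
    }

    return false;
} // End hesk_formatBytes()

/**
 * Pick the staff member a new ticket in $ticket_category should be assigned to.
 *
 * Candidates are users with `autoassign`='1', ordered by their open-ticket
 * count (fewest first, ties broken by RAND()). The first administrator wins;
 * otherwise the first user who can view and reply to tickets and has the
 * category in their list. The chosen row is also cached in
 * $hesk_settings['user_data'].
 *
 * @return array|false false when auto-assign is disabled; otherwise the
 *                     winning user row, or an empty array when nobody qualifies
 */
function hesk_autoAssignTicket($ticket_category)
{
    global $hesk_settings, $hesklang;

    /* Auto assign ticket enabled? */
    if ( ! $hesk_settings['autoassign']) {
        return false;
    }

    $autoassign_owner = array();

    /* Get all possible auto-assign staff, order by number of open tickets */
    $res = hesk_dbQuery("SELECT `t1`.`id`,`t1`.`user`,`t1`.`name`, `t1`.`email`, `t1`.`language`, `t1`.`isadmin`, `t1`.`categories`, `t1`.`notify_assigned`, `t1`.`heskprivileges`, (SELECT COUNT(*) FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` FORCE KEY (`statuses`) WHERE `owner`=`t1`.`id` AND `status` IN ('0','1','2','4','5') ) as `open_tickets` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` AS `t1` WHERE `t1`.`autoassign`='1' ORDER BY `open_tickets` ASC, RAND()");

    /* Loop through the rows and return the first appropriate one */
    while ($myuser = hesk_dbFetchAssoc($res)) {
        /* Is this an administrator?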
*/
        if ($myuser['isadmin']) {
            $autoassign_owner = $myuser;
            $hesk_settings['user_data'][$myuser['id']] = $myuser;
            hesk_dbFreeResult($res);
            break;
        }

        /* Not an administrator, check two things: */
        /* --> can view and reply to tickets */
        if (strpos($myuser['heskprivileges'], 'can_view_tickets') === false || strpos($myuser['heskprivileges'], 'can_reply_tickets') === false) {
            continue;
        }

        /* --> has access to ticket category (loose compare: explode() yields strings,
           $ticket_category may be an int) */
        $myuser['categories'] = explode(',', $myuser['categories']);
        if (in_array($ticket_category, $myuser['categories'])) {
            $autoassign_owner = $myuser;
            $hesk_settings['user_data'][$myuser['id']] = $myuser;
            hesk_dbFreeResult($res);
            break;
        }
    }

    return $autoassign_owner;
} // END hesk_autoAssignTicket()

/**
 * Read a tracking ID from the request and normalise it.
 *
 * Checks $_GET then $_POST for $field, upper-cases the value, strips every
 * character outside A-Z, 0-9 and '-', and keeps at most 12 characters.
 *
 * @return string|false the cleaned ID, or false when $field is absent or an array
 */
function hesk_cleanID($field='track')
{
    foreach (array($_GET, $_POST) as $source) {
        if ( isset($source[$field]) && ! is_array($source[$field]) ) {
            return substr( preg_replace('/[^A-Z0-9\-]/', '', strtoupper($source[$field])) , 0, 12);
        }
    }

    return false;
} // END hesk_cleanID()

/**
 * Generate a new, unused ticket tracking ID.
 *
 * Up to three random 10-character candidates are drawn from $useChars, shaped
 * by hesk_formatID() and checked against the tickets table. If all three
 * collide, a fourth candidate mixes five random characters with the last five
 * characters of microtime(). Failure is recorded in $hesk_error_buffer['etid'].
 *
 * NOTE(review): the ID is half of the customer's ticket access check (see
 * hesk_verifyEmailMatch), yet it is drawn with mt_rand(), which is not a
 * cryptographic generator. Where PHP 7+ is available random_int() would be
 * preferable; left unchanged here to keep behaviour identical.
 *
 * @return string|false the formatted tracking ID, or false if none was free
 */
function hesk_createID()
{
    global $hesk_settings, $hesklang, $hesk_error_buffer;

    /* Ticket ID can be of these chars (30 of them, indices 0-29) */
    $useChars = 'AEUYBDGHJLMNPQRSTVWXZ123456789';
    $lastIdx  = strlen($useChars) - 1;

    /* Let's avoid duplicate ticket ID's, try up to 3 times */
    for ($attempt = 1; $attempt <= 3; $attempt++) {
        $trackingID = '';
        for ($pos = 0; $pos < 10; $pos++) {
            $trackingID .= $useChars[mt_rand(0, $lastIdx)];
        }

        /* Format the ID to the correct shape and check wording */
        $trackingID = hesk_formatID($trackingID);

        /* Check for duplicate IDs; return the first free one */
        $res = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `trackid` = '".hesk_dbEscape($trackingID)."' LIMIT 1");
        if (hesk_dbNumRows($res) == 0) {
            return $trackingID;
        }
    }

    /* No valid tracking ID, try one more time with microtime() */
    $trackingID = '';
    for ($pos = 0; $pos < 5; $pos++) {
        $trackingID .= $useChars[mt_rand(0, $lastIdx)];
    }
    $trackingID .= substr(microtime(), -5);

    /* Format the ID to the correct shape and check wording */
    $trackingID = hesk_formatID($trackingID);

    $res = hesk_dbQuery("SELECT `id` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` WHERE `trackid` = '".hesk_dbEscape($trackingID)."' LIMIT 1");
    if (hesk_dbNumRows($res) == 0) {
        return $trackingID;
    }

    /* All failed, must be a server-side problem... */
    $hesk_error_buffer['etid'] = $hesklang['e_tid'];
    return false;
} // END hesk_createID()

/**
 * Shape a 10-character raw ID into XXX-XXX-XXXX and scrub offensive 3- and
 * 4-letter substrings (plus "WGET", which is known to trigger mod_security).
 *
 * Each removed word is replaced by a random letter-digit-letter(-digit) filler
 * of the same length, so the string stays 10 characters before the dashes are
 * inserted. Callers must pass at least 10 characters.
 */
function hesk_formatID($id)
{
    $useChars = 'AEUYBDGHJLMNPQRSTVWXZ123456789';

    /* 3-character filler: letter, digit, letter */
    $filler  = $useChars[mt_rand(0,29)];
    $filler .= mt_rand(1,9);
    $filler .= $useChars[mt_rand(0,29)];

    /* Remove 3 letter bad words from ID (possibility about 1:27,000) */
    $threeLetter = array(
        'ASS', 'CUM', 'FAG', 'FUK', 'GAY', 'SEX', 'TIT', 'XXX',
    );
    $id = str_replace($threeLetter, $filler, $id);

    /* Remove 4 letter bad words from ID (possibility about 1:810,000);
       the filler grows by one digit to keep the length */
    $fourLetter = array(
        'ANAL', 'ANUS', 'BUTT', 'CAWK', 'CLIT', 'COCK', 'CRAP', 'CUNT', 'DICK', 'DYKE',
        'FART', 'FUCK', 'JAPS', 'JERK', 'JIZZ', 'KNOB', 'PISS', 'POOP', 'SHIT', 'SLUT',
        'SUCK', 'TURD',
        // Also, remove words that are known to trigger mod_security
        'WGET',
    );
    $filler .= mt_rand(1,9);
    $id = str_replace($fourLetter, $filler, $id);

    /* Format the ID string into XXX-XXX-XXXX format for easier readability */
    return $id[0].$id[1].$id[2].'-'.$id[3].$id[4].$id[5].'-'.$id[6].$id[7].$id[8].$id[9];
} // END hesk_formatID()

/**
 * Forget the calling IP's failed-attempt record after a successful check.
 *
 * Deletes every `logins` row for $_SERVER['REMOTE_ADDR'] (not only expired
 * ones) and defines HESK_BF_CLEAN so a second call in the same request is a
 * no-op. Always returns true.
 */
function hesk_cleanBfAttempts()
{
    global $hesk_settings, $hesklang;

    /* Nothing to do when limiting is off or this request already cleaned up */
    if ( ! $hesk_settings['attempt_limit'] || defined('HESK_BF_CLEAN') ) {
        return true;
    }

    hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."logins` WHERE `ip`='".hesk_dbEscape($_SERVER['REMOTE_ADDR'])."'");

    define('HESK_BF_CLEAN', 1);

    return true;
} // END hesk_cleanBfAttempts()

/**
 * Record one failed attempt for the calling IP and enforce the attempt limit.
 *
 * Runs at most once per request (guarded by HESK_BF_LIMIT). When the stored
 * count reaches $hesk_settings['attempt_limit'] and the last attempt is within
 * attempt_banmin minutes, the session is cleared and either hesk_error() is
 * called ($showError) or the ban message is returned; once the window has
 * passed the count restarts at 1. Returns false in every other case.
 *
 * @param int $showError 1: display the error page on ban; 0: return the message
 * @return string|false
 */
function hesk_limitBfAttempts($showError=1)
{
    global $hesk_settings, $hesklang;

    /* If this feature is disabled or already called, return false */
    if ( !
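$hesk_settings['attempt_limit'] || defined('HESK_BF_LIMIT') ) {
        return false;
    }

    /* Define this constant to avoid duplicate checks within one request */
    define('HESK_BF_LIMIT', 1);

    $ip = $_SERVER['REMOTE_ADDR'];

    /* Get number of failed attempts and whether the ban window is still open */
    $res = hesk_dbQuery("SELECT `number`, (CASE WHEN `last_attempt` IS NOT NULL AND DATE_ADD( last_attempt, INTERVAL " . hesk_dbEscape($hesk_settings['attempt_banmin']) . " MINUTE ) > NOW( ) THEN 1 ELSE 0 END) AS `banned` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."logins` WHERE `ip`='".hesk_dbEscape($ip)."' LIMIT 1");

    /* Not in the database yet? Add first one and return false */
    if (hesk_dbNumRows($res) != 1) {
        hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."logins` (`ip`) VALUES ('".hesk_dbEscape($ip)."')");
        return false;
    }

    /* Get number of failed attempts and increase by 1 */
    $row = hesk_dbFetchAssoc($res);
    $row['number']++;

    /* Too many attempts: refuse while the ban window is open, else restart the count */
    if ($row['number'] >= $hesk_settings['attempt_limit']) {
        if ($row['banned']) {
            $tmp = sprintf($hesklang['yhbb'],$hesk_settings['attempt_banmin']);

            // Empty the session instead of unset($_SESSION): unsetting the
            // superglobal disables session variable registration for the rest
            // of the request (PHP manual), which would hit callers that pass
            // $showError=0 and keep running.
            $_SESSION = array();

            if ($showError) {
                hesk_error($tmp,0);
            } else {
                return $tmp;
            }
        } else {
            $row['number'] = 1;
        }
    }

    hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."logins` SET `number`=".intval($row['number'])." WHERE `ip`='".hesk_dbEscape($ip)."' LIMIT 1");

    return false;
} // END hesk_limitBfAttempts()

/**
 * Return the display name of category $id.
 *
 * Empty ids map to $hesklang['unas']; an id with no row maps to
 * $hesklang['catd']. Looked-up names are cached in
 * $hesk_settings['category_data'][$id]['name'] so repeat calls skip the query.
 */
function hesk_getCategoryName($id)
{
    global $hesk_settings, $hesklang;

    if (empty($id)) {
        return $hesklang['unas'];
    }

    // If we already have the name no need to query DB another time
    if ( isset($hesk_settings['category_data'][$id]['name']) ) {
        return $hesk_settings['category_data'][$id]['name'];
    }

    $res = hesk_dbQuery("SELECT `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `id`='".intval($id)."' LIMIT 1");
    if (hesk_dbNumRows($res) != 1) {
        return $hesklang['catd'];
    }

    $hesk_settings['category_data'][$id]['name'] = hesk_dbResult($res,0,0);

    return $hesk_settings['category_data'][$id]['name'];
} // END hesk_getCategoryName()

/**
 * Return the display name of staff user $id.
 *
 * Empty ids and ids with no row both map to $hesklang['unas']. Looked-up
 * names are cached in $hesk_settings['user_data'][$id]['name'].
 */
function hesk_getOwnerName($id)
{
    global $hesk_settings, $hesklang;

    if (empty($id)) {
        return $hesklang['unas'];
    }

    // If we already have the name no need to query DB another time
    if ( isset($hesk_settings['user_data'][$id]['name']) ) {
        return $hesk_settings['user_data'][$id]['name'];
    }

    $res = hesk_dbQuery("SELECT `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id`='".intval($id)."' LIMIT 1");
    if (hesk_dbNumRows($res) != 1) {
        return $hesklang['unas'];
    }

    $hesk_settings['user_data'][$id]['name'] = hesk_dbResult($res,0,0);

    return $hesk_settings['user_data'][$id]['name'];
} // END hesk_getOwnerName()

/**
 * Remove one session key, or each key in an array of keys, from $_SESSION.
 * Keys that are not set are ignored.
 *
 * @param string|array $arr
 */
function hesk_cleanSessionVars($arr)
{
    if (is_array($arr)) {
        foreach ($arr as $str) {
            if (isset($_SESSION[$str])) {
                unset($_SESSION[$str]);
            }
        }
    } elseif (isset($_SESSION[$arr])) {
        unset($_SESSION[$arr]);
    }
} // End hesk_cleanSessionVars()

/**
 * Store a flash message in the session and redirect.
 *
 * Sets HESK_SUCCESS, HESK_NOTICE or (default) HESK_ERROR plus HESK_MESSAGE,
 * then sends a Location header to $redirect_to and exits. The literal
 * 'NOREDIRECT' skips the redirect and returns true instead.
 *
 * $redirect_to is written into the Location header verbatim, so it must be a
 * path chosen by the code, never taken unvalidated from the request.
 *
 * @param string $message     text shown by hesk_handle_messages()
 * @param string $redirect_to target URL or 'NOREDIRECT'
 * @param string $type        'SUCCESS', 'NOTICE' or anything else for error
 * @return bool true only in the 'NOREDIRECT' case
 */
function hesk_process_messages($message,$redirect_to,$type='ERROR')
{
    global $hesk_settings, $hesklang;

    switch ($type) {
        case 'SUCCESS':
            $_SESSION['HESK_SUCCESS'] = true;
            break;
        case 'NOTICE':
            $_SESSION['HESK_NOTICE'] = true;
            break;
        default:
            $_SESSION['HESK_ERROR'] = true;
    }

    $_SESSION['HESK_MESSAGE'] = $message;

    /* In some cases we don't want a redirect */
    if ($redirect_to == 'NOREDIRECT') {
        return true;
    }

    header('Location: '.$redirect_to);
    exit();
} // END hesk_process_messages()

/**
 * Display and clear any flash messages stored by hesk_process_messages().
 *
 * One primary message is shown (success, then error, then notice take
 * precedence), followed by an optional secondary notice. All message keys are
 * removed from the session afterwards.
 *
 * @return bool false when an error message was displayed, true otherwise
 */
function hesk_handle_messages()
{
    global $hesk_settings, $hesklang;

    $return_value = true;

    // Primary message - only one can be displayed and HESK_MESSAGE is required
    if ( isset($_SESSION['HESK_MESSAGE']) ) {
        if ( isset($_SESSION['HESK_SUCCESS']) ) {
            hesk_show_success($_SESSION['HESK_MESSAGE']);
        } elseif ( isset($_SESSION['HESK_ERROR']) ) {
            hesk_show_error($_SESSION['HESK_MESSAGE']);
            $return_value = false;
        } elseif ( isset($_SESSION['HESK_NOTICE']) ) {
            hesk_show_notice($_SESSION['HESK_MESSAGE']);
        }

        hesk_cleanSessionVars('HESK_MESSAGE');
    }

    // Cleanup any primary message types set
    hesk_cleanSessionVars('HESK_ERROR');
    hesk_cleanSessionVars('HESK_SUCCESS');
    hesk_cleanSessionVars('HESK_NOTICE');

    // Secondary message
    if ( isset($_SESSION['HESK_2ND_NOTICE']) && isset($_SESSION['HESK_2ND_MESSAGE']) ) {
        hesk_show_notice($_SESSION['HESK_2ND_MESSAGE']);
        hesk_cleanSessionVars('HESK_2ND_NOTICE');
        hesk_cleanSessionVars('HESK_2ND_MESSAGE');
    }

    return $return_value;
} // END hesk_handle_messages()

/**
 * Render an error box with $message; $title defaults to $hesklang['error'].
 * The HTML template that follows the closing tag is emitted inline.
 */
function hesk_show_error($message,$title='')
{
    global $hesk_settings, $hesklang;

    $title = $title ? $title : $hesklang['error'];
    ?>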